## Make sure we're running as the CA user.  I don't trust ASN.1 parsers
## to run as root against untrusted input -- especially OpenSSL's one.
##
## [Listing lines 8-10 are not shown; presumably they open the case
## statement this arm belongs to and handle the already-running-as-ca
## situation -- confirm against the full script.]
##
## Fallback arm: re-run this same script ("$0") with its arguments
## unchanged ("$@") as user ca via sudo.  Because of exec, the current shell
## is replaced, so none of the certificate parsing below happens under the
## invoking identity.
##
## NOTE(review): the re-executed process resolves "$0" afresh, so a script
## started through a relative path depends on the current directory;
## confirm callers use a fixed path and that the sudo policy only permits
## this one command for the ca user.
  *)
    exec sudo -u ca "$0" "$@"
    ;;
## linkserial CERT [SERIAL]
##
## Make a link for the certificate according to its serial number.
##
## NOTE(review): the visible body builds its path from $suffix, and the
## sibling usage line reads "linkhash CERT [SUFFIX]"; the optional argument
## named here may be meant as SUFFIX.  The argument handling is not part of
## this excerpt, so confirm before changing the usage line.

  ## [Listing lines 19-20, the start of the function, are not shown.]

  ## Ask OpenSSL for the serial number of the certificate file $cert.
  ## The command prints it in the form serial=<hex digits>.
  serial=$(openssl x509 -serial -noout -in "${cert}")

  ## [Listing line 22 is not shown.  NOTE(review): presumably it strips the
  ## "serial=" prefix before the value is used as a file name -- confirm.]

  ## Path of the by-serial link for this certificate.
  t=index/byserial${suffix}/${serial}.pem

  ## [Listing line 24 is not shown; presumably the two lines below only run
  ## when something already occupies $t -- confirm.]

  ## Read where the link at $t points and report the clash, naming both
  ## files by their last path component.  Revocation lists identify
  ## certificates by serial number, so a repeated serial needs attention
  ## rather than a silent overwrite.
  other=$(readlink "${t}")
  echo "Duplicate serial numbers: ${other##*/}, ${cert##*/}"

  ## [Listing lines 27-33, the rest of the function, are not shown.]
## linkhash CERT [SUFFIX]
##
## Make links for the certificate according to its hash.

  ## [Listing lines 37-38, the start of the function, are not shown.]

  ## Fingerprint of the certificate being indexed.
  ##
  ## NOTE(review): with no digest option, openssl x509 -fingerprint uses
  ## SHA-1.  If the fingerprints are what decides "same certificate"
  ## (the comparison is not in this excerpt), consider passing -sha256 to
  ## both fingerprint calls so the check does not rest on SHA-1.
  fpr=$(openssl x509 -fingerprint -noout -in "${cert}")

  ## Two passes: -subject_hash is the current subject-name hash, and
  ## -subject_hash_old is the one OpenSSL used before version 1.0.0.
  for opt in subject_hash subject_hash_old; do

    ## [Listing line 41 is not shown; $n is presumably initialised there.]

    ## Subject-name hash of $cert under the algorithm chosen for this pass.
    ## The option name comes from the fixed list above, never from input.
    hash=$(openssl x509 "-${opt}" -noout -in "${cert}")

    ## Probe the slot index/byhash$suffix/$hash.$n for as long as a symlink
    ## already sits there.  The assignment to t is repeated on every test.
    while t=index/byhash${suffix}/${hash}.${n}; [ -L "${t}" ]; do

      ## Fingerprint and link target of the certificate occupying the slot.
      ofpr=$(openssl x509 -fingerprint -noout -in "${t}")
      other=$(readlink "${t}")

      ## The slot already points at a file with the same name as $cert.
      ##
      ## NOTE(review): a plain continue resumes the innermost enclosing
      ## loop.  If that is this while loop and $n has not been advanced by
      ## this point, the same $t is tested again -- confirm where $n is
      ## incremented (not shown) or whether the outer loop was intended.
      case "${cert##*/}" in
        "${other##*/}") continue ;;
      esac

      ## [Listing lines 47-48 are not shown; presumably $ofpr is compared
      ## with $fpr there -- confirm.]

      ## Report two different file names that carry the same certificate.
      echo "Duplicate certificates: ${other##*/}, ${cert##*/}"

      ## [The listing stops here; the remainder of both loops and of the
      ## function is not shown.]